HttpCookie.HttpOnly in .NET and JavaScript
29-09-2019
Question
Hello
A web site was developed and deployed to the client. In some cases, I need to set the flag HttpCookie.HttpOnly = true. Okay - I have done it. Next question:
- Is the cookie available after setting the flag in JavaScript?
- or maybe there is some restriction when I am using JavaScript?
- or do I need to make some changes in existing JavaScript?
Solution
The purpose of using HttpOnly is to prevent JavaScript from accessing the cookie, primarily to prevent XSS attacks. There are decent write-ups on CodingHorror and MSDN about it.
Bottom line: if you need access to the cookie with JavaScript you cannot use HttpOnly.
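The following is an added example, not part of the original answer: a simplified model (runnable under Node.js) of how a browser treats an HttpOnly cookie, showing what existing JavaScript sees through document.cookie compared with what is still sent to the server. The class name CookieJarModel and the cookie names and values are assumptions made for illustration.

```javascript
// Simplified model of a browser cookie store, limited to the HttpOnly rules
// of RFC 6265. Cookie names and values below are constructed sample data.
function parse(text) {
  const [pair, ...attrs] = text.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null;
  return {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    httpOnly: attrs.some((a) => a.toLowerCase() === "httponly"),
  };
}

class CookieJarModel {
  constructor() {
    this.cookies = new Map(); // name -> { name, value, httpOnly }
  }
  // A Set-Cookie response header: the server may set or replace any cookie.
  setFromHttpHeader(header) {
    const c = parse(header);
    if (!c) return false;
    this.cookies.set(c.name, c);
    return true;
  }
  // `document.cookie = "..."`: script can neither create an HttpOnly cookie
  // nor overwrite one that the server marked HttpOnly.
  setFromScript(assignment) {
    const c = parse(assignment);
    const old = c && this.cookies.get(c.name);
    if (!c || c.httpOnly || (old && old.httpOnly)) return false;
    this.cookies.set(c.name, c);
    return true;
  }
  // Reading `document.cookie`: HttpOnly cookies are left out.
  documentCookie() {
    return this.serialize((c) => !c.httpOnly);
  }
  // The Cookie request header: every cookie is sent, HttpOnly included.
  requestCookieHeader() {
    return this.serialize(() => true);
  }
  serialize(keep) {
    return [...this.cookies.values()].filter(keep)
      .map((c) => `${c.name}=${c.value}`).join("; ");
  }
}

const jar = new CookieJarModel();
jar.setFromHttpHeader("SessionId=abc123; Path=/; HttpOnly");
jar.setFromHttpHeader("theme=dark; Path=/");
console.log(jar.documentCookie(), "|", jar.requestCookieHeader());
```

Client-side code that only needs non-sensitive values (such as the theme cookie here) keeps working unchanged; code that reads the HttpOnly cookie itself has to be changed to obtain that data from the server instead.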
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow